I get a lot of questions about Azure Defender and Microsoft Defender for Endpoint (MDE). Are they the same? If I hold the Azure Defender license, does it mean I have MDE for all my clients (on-prem and cloud)?
If you have these questions in mind, let me clarify them in this article.
Azure Defender and Microsoft Defender for Endpoint are two completely separate products; the former is dedicated to Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) scenarios, while the latter is dedicated to endpoint protection.
Azure Defender includes Microsoft Defender for Endpoint (MDE) as an integrated EDR solution, which you can use to secure your servers (server VMs) and clients (Windows 10 Enterprise multi-session & Azure Virtual Desktops only). So when you pay $15 per server to protect your VMs, you also get MDE activated on those VMs. This means Security Center will automatically deploy the MDE sensor (MDE.Windows) on the server VMs as part of the Standard tier, so you don't have to pay for any extra licenses for Defender ATP.
Microsoft Defender for Endpoint requires one of the following licenses:
Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
Microsoft 365 A5 (M365 A5)
Microsoft 365 E5 Security
Windows 10 Education A5
MDE purchased via the above licenses can be used to protect all of your endpoints (on-premises and cloud devices). Protecting servers requires one of the following licensing options:
Azure Security Center with Azure Defender enabled
Microsoft Defender for Endpoint for Server (one per covered server)
If you hold only the Azure Defender license, you can protect only Azure VMs running Windows, not all client devices.
Hope you have a clear picture now. :)